Software Development
A view in the Common Weakness Enumeration published by The MITRE Corporation.
Objective
Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.
Target Audience
Educators
Educators use this view to teach future developers about the types of mistakes that are commonly made within specific parts of a codebase.
Software Developers
Software developers (including architects, designers, coders, and testers) use this view to better understand potential mistakes that can be made in specific areas of their software application. The use of concepts that developers are familiar with makes it easier to navigate this view, and filtering by Modes of Introduction can enable focus on a specific phase of the development lifecycle.
Categories
Weaknesses in this category are related to the use of built-in functions or external APIs.
Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities in order to identify undesir...
Weaknesses in this category are related to authentication components of a system. Frequently these deal with the ability to verify that an entity is indeed who it clai...
Weaknesses in this category are related to authorization components of a system. Frequently these deal with the ability to enforce that agents have the required permis...
Weaknesses in this category are related to coding practices that are deemed unsafe and increase the chances that an exploitable vulnerability will be present in the ap...
Weaknesses in this category are related to unexpected behaviors from code that an application uses.
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in busine...
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or re...
Weaknesses in this category are associated with things being overly complex.
Weaknesses in this category are related to concurrent use of shared resources.
Weaknesses in this category are related to the management of credentials.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniqu...
Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such ...
Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.
Weaknesses in this category are related to a software system's components for input validation, output validation, or other kinds of validation. Validation is a freque...
Weaknesses in this category are related to the documentation provided to support, create, or analyze a product.
Weaknesses in this category are related to issues surrounding the bundling of data with the methods intended to operate on that data.
This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/...
Weaknesses in this category are related to incorrectly written expressions within code.
Weaknesses in this category are related to the handling of files within a software system. Files, directories, and folders are so central to information technology tha...
Weaknesses in this category are related to improper management of handlers.
Weaknesses in this category are related to improper handling of sensitive information.
Weaknesses in this category occur in behaviors that are used for initialization and breakdown.
Weaknesses in this category are related to a software system's lockout mechanism. Frequently these deal with scenarios that take effect in case of multiple failed atte...
Weaknesses in this category are related to the handling of memory buffers within a software system.
Weaknesses in this category are related to improper calculation or conversion of numbers.
Weaknesses in this category are related to improper assignment or handling of permissions.
Weaknesses in this category are related to improper handling of pointers.
Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the a...
Weaknesses in this category are related to a software system's random number generation.
Weaknesses in this category are related to improper handling of locks that are used to control access to resources.
Weaknesses in this category are related to improper management of system resources.
Weaknesses in this category are related to the improper handling of signals.
Weaknesses in this category are related to improper management of system state.
Weaknesses in this category are related to the creation and modification of strings.
Weaknesses in this category are caused by improper data type transformation or improper handling of multiple data types.
Weaknesses in this category are related to or introduced in the User Interface (UI).
Weaknesses in this category are related to session management. Frequently these deal with the information or status about each user and their access rights for the dur...
Deprecated or Obsolete
Weaknesses in this category are related to errors in the management of cryptographic keys.
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.